For a secure iSession deployment, you must use SSL encryption to secure the endpoints of the iSession connection. The default SSL profile settings on BIG-IP acceleration Quick Start screen are sufficient to get symmetric optimization up and running in a demo environment or for testing. F5 recommends that, to secure the endpoints, you specify SSL profiles that use a symmetric optimization-specific root certificate (cert) from a trusted certificate authority (CA).
The process of securing an iSession deployment using SSL includes creating a cert for each iSession endpoint, and then specifying this cert (along with its associated key) in acceleration-related profiles and settings on the system. Before you start this procedure, ensure that you have configured the BIG-IP on both sides of the WAN. This implementation is based on the default acceleration settings, except where noted.
The following illustration shows the network setup. The example in this implementation uses the specified IP addresses.
After you complete the tasks in this implementation, you have secured the iSession endpoints of your symmetric deployment. The iSession traffic is now secure. Next, you can encrypt data traffic with iSession, using either IPsec for all applications, or SSL on a per-application basis.